CISPA Still Misguided - Threatens Individual Privacy

CISPA is a bill proposed by Mike Rogers designed to allow government agents access to all of your private online data that is being hosted with service providers without a warrant. They’d like to pass this law in order to catch cyber-criminals, terrorists and pedophiles.

They would use their newfound power to provide:

cybersecurity

investigation and prosecution of cybersecurity crimes

protection of individuals from the danger of death or physical injury

protection of minors from physical or psychological harm such as child pornography

protection of the national security of the United States.

Sounds Great! Sign Me Up!

Those things sound great! Who doesn’t want protection from death or physical injury? There’s just one problem. This bill encourages service providers to purposefully search through our data, and gives them full immunity, with no penalty, if they decide to start passing things to the government.

Imagine this scenario: Some employees at AT&T are charged with “cyber-security”. They have access to ALL AT&T customer data, and they set up hundreds of automated searches that just look for keywords, or patterns of them, in email going through the system. Those people are going to be reading your email, your wife’s email, your children’s, your neighbor’s, and that of anyone else they feel like spying on. Then, based on their personal opinion, they’re going to shoot copies of it off to the Feds, who are getting it without a warrant or even probable cause!

Keep in mind that in order to stay ahead of the criminals they are going to have to look for really boring language that might mean something else entirely. So, an email about the weather might just be cybercriminal talk about how to hack, or build a bomb or where to pick up a baby bought on the black market, right?

Let’s say that some rookie at AT&T doesn’t really know what he’s looking at, so he shoots it over to the Feds anyway. What’s the harm in getting a few more eyeballs on it, right? Well, it’s an affront to privacy. By the way, who trains these guys about what to look for? And where is the standardization in their training? Oh, that’s right. No one.

The Video

Here’s a little overview video to get you started. Then I’ll give you even more reasons CISPA is ridiculous.

Why CISPA is So Absurd

It’s been almost 6 years since I first told you guys about the Freenet Project. It’s basically an alternate Internet within the Internet where everyone is completely anonymous. You can join it here. And then you can basically do, or say, anything you like without being tracked or caught.

Completely free, military-grade encryption is widely available and dead simple to use. For example, GnuPG is a free, open-source version of PGP, which has been around for at least a decade. If you want to communicate with someone else privately, you can feel free to encrypt a note and send it through any public means (email, chat, etc.) without fear of its contents being opened.

Those are just two of the tools that literally every person on the Internet has access to – right now! And you think the criminals aren’t using them? Why in God’s name would any criminal NOT be using them? The really bad ones are. And many more tools to hide themselves. That’s why they are cyber-criminals. And having worked for multiple providers who have security teams, I’ll tell you that they’re already catching the dumb ones.

So, any law designed to snoop through private data is mainly going to have access to the non-lawbreaking citizen’s data, or the rank amateur’s data, which aren’t really the big threat. Plus, if the criminals know what’s going on, all they have to do is flood the system with a ton of fake data just to throw people off. And while they are at it, they can attribute that fake data to real private citizens in order to really cover their tracks.

The Next Internet Arms Race

People don’t protect their data currently because they don’t deem it necessary. The law already protects them at least from prying government eyes, although they are naive about the risks from hackers and other illegal threats (even rogue employees at their service providers). But if the game changed, and everyone became aware that basically anyone could gain access to their private data, they would likely change habits in response.

Given that the tools already exist to do this, they just need better interfaces that are more integrated into today’s platforms. Service providers will pop up to fill that need.

For example, you can already get a PGP plugin for Gmail that works in the Chrome browser here. It allows you to automatically encrypt and decrypt all of your emails. It’s not perfect, but it would take almost no effort to go from this to a completely finished product.

And in fact, other email clients already exist that do perfectly incorporate PGP.

Service providers who are in the habit of storing personal data will begin encrypting it so that even they can’t access it. Why? Because the public would be willing to pay for it! And after all, any time a new bill is passed there is always a lot of money to be made by someone. Isn’t it funny how major players are supporting the bill? Companies exist for profit, so why would they support something that squashes privacy? I’ll let you decide.

That’s Not How the United States Works

It’s a hard job catching criminals. Guess what? They actually try not to be caught! And this means that our police force will always be looking to gain more power, and more autonomy so they can do a better job!

The problem is, power corrupts – absolutely. And when our police force is seeking power they do so with good intentions, but without considering how their new power can be abused by members of their own kind. And it will be. The only questions are when, how, and how often?

We are not a country that gives our caretakers absolute freedom to deal with criminals in any way they want. We have due process of law, the right to privacy, and freedom from being treated as a criminal when we are not one.

I would LOVE to hear your thoughts on this matter in the comments. PLEASE tell me whether you agree or disagree with me, and why. Also, read the bill so you have the facts! I might have exaggerated a little here or there for effect, but I’m especially interested in additional points both in support of and against CISPA. So let’s have ’em!